Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2015-2378)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.122756

Category: Oracle Linux Local Security Checks

Title: Oracle: Security Advisory (ELSA-2015-2378)

Summary: The remote host is missing an update for the 'squid' package(s) announced via the ELSA-2015-2378 advisory.

Description: Summary:
The remote host is missing an update for the 'squid' package(s) announced via the ELSA-2015-2378 advisory.

Vulnerability Insight:
[7:3.3.8-26]
- Related: #1186768 - removing patch, because of missing tests and
incorrect patch

[7:3.3.8-25]
- Related: #1102842 - squid rpm package misses /var/run/squid needed for
smp mode. Squid needs write access to /var/run/squid.

[7:3.3.8-24]
- Related: #1102842 - squid rpm package misses /var/run/squid needed for
smp mode. Creation of /var/run/squid was also needed to be in SPEC file.

[7:3.3.8-23]
- Related: #1102842 - squid rpm package misses /var/run/squid needed for
smp mode. Creation of this directory was moved to tmpfiles.d conf file.

[7:3.3.8-22]
- Related: #1102842 - squid rpm package misses /var/run/squid needed for
smp mode. Creation of this directory was moved to service file.

[7:3.3.8-21]
- Resolves: #1263338 - squid with digest auth on big endian systems
start looping

[7:3.3.8-20]
- Resolves: #1186768 - security issue: Nonce replay vulnerability
in Digest authentication

[7:3.3.8-19]
- Resolves: #1225640 - squid crashes by segfault when it reboots

[7:3.3.8-18]
- Resolves: #1102842 - squid rpm package misses /var/run/squid needed for
smp mode

[7:3.3.8-17]
- Resolves: #1233265 - CVE-2015-3455 squid: incorrect X509 server
certificate validation

[7:3.3.8-16]
- Resolves: #1080042 - Supply a firewalld service file with squid

[7:3.3.8-15]
- Resolves: #1161600 - Squid does not serve cached responses
with Vary headers

[7:3.3.8-14]
- Resolves: #1198778 - Filedescriptor leaks on snmp

[7:3.3.8-13]
- Resolves: #1204375 - squid sends incorrect ssl chain breaking newer gnutls
using applications

Affected Software/OS:
'squid' package(s) on Oracle Linux 7.

Solution:
Please install the updated package(s).

CVSS Score:
2.6

CVSS Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-3455
BugTraq ID: 74438
http://www.securityfocus.com/bid/74438
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:230
RedHat Security Advisories: RHSA-2015:2378
http://rhn.redhat.com/errata/RHSA-2015-2378.html
http://www.securitytracker.com/id/1032221
SuSE Security Announcement: openSUSE-SU-2015:1546 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.html
SuSE Security Announcement: openSUSE-SU-2016:2081 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html

Copyright Copyright (C) 2015 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.122756
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2015-2378)
Summary:	The remote host is missing an update for the 'squid' package(s) announced via the ELSA-2015-2378 advisory.
Description:	Summary: The remote host is missing an update for the 'squid' package(s) announced via the ELSA-2015-2378 advisory. Vulnerability Insight: [7:3.3.8-26] - Related: #1186768 - removing patch, because of missing tests and incorrect patch [7:3.3.8-25] - Related: #1102842 - squid rpm package misses /var/run/squid needed for smp mode. Squid needs write access to /var/run/squid. [7:3.3.8-24] - Related: #1102842 - squid rpm package misses /var/run/squid needed for smp mode. Creation of /var/run/squid was also needed to be in SPEC file. [7:3.3.8-23] - Related: #1102842 - squid rpm package misses /var/run/squid needed for smp mode. Creation of this directory was moved to tmpfiles.d conf file. [7:3.3.8-22] - Related: #1102842 - squid rpm package misses /var/run/squid needed for smp mode. Creation of this directory was moved to service file. [7:3.3.8-21] - Resolves: #1263338 - squid with digest auth on big endian systems start looping [7:3.3.8-20] - Resolves: #1186768 - security issue: Nonce replay vulnerability in Digest authentication [7:3.3.8-19] - Resolves: #1225640 - squid crashes by segfault when it reboots [7:3.3.8-18] - Resolves: #1102842 - squid rpm package misses /var/run/squid needed for smp mode [7:3.3.8-17] - Resolves: #1233265 - CVE-2015-3455 squid: incorrect X509 server certificate validation [7:3.3.8-16] - Resolves: #1080042 - Supply a firewalld service file with squid [7:3.3.8-15] - Resolves: #1161600 - Squid does not serve cached responses with Vary headers [7:3.3.8-14] - Resolves: #1198778 - Filedescriptor leaks on snmp [7:3.3.8-13] - Resolves: #1204375 - squid sends incorrect ssl chain breaking newer gnutls using applications Affected Software/OS: 'squid' package(s) on Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3455 BugTraq ID: 74438 http://www.securityfocus.com/bid/74438 http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:230 RedHat Security Advisories: RHSA-2015:2378 http://rhn.redhat.com/errata/RHSA-2015-2378.html http://www.securitytracker.com/id/1032221 SuSE Security Announcement: openSUSE-SU-2015:1546 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.html SuSE Security Announcement: openSUSE-SU-2016:2081 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html
Copyright	Copyright (C) 2015 Greenbone AG